Skip to content

Instantly share code, notes, and snippets.

Avatar
🍻
Working from home

Roberto Rodriguez Cyb3rWard0g

🍻
Working from home
View GitHub Profile
View Get-ClrReflection.ps1
function Get-ClrReflection
{
<#
.SYNOPSIS
Detects memory-only CLR (.NET) modules
Author: Joe Desimone (@dez_)
License: BSD 3-Clause
View Invoke-ExcelMacroPivot.ps1
function Invoke-ExcelMacroPivot{
<#
.AUTHOR
Matt Nelson (@enigma0x3)
.SYNOPSIS
Pivots to a remote host by using an Excel macro and Excel's COM object
.PARAMETER Target
Remote host to pivot to
.PARAMETER RemoteDocumentPath
Local path on the remote host where the payload resides
@jaredcatkinson
jaredcatkinson / Get-InjectedThread.ps1
Last active Jun 15, 2022
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
View Get-InjectedThread.ps1
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION